Cisco Compression Service Adapter for Cisco 7000 Series Routers Installation Guide
Data Encryption Service Adapter Installation and Configuration
OL-3588-01
DES is a symmetric encryption mechanism. A single encryption key (called a session key) is used to both
encrypt and decrypt the data. The participating routers must generate this key without sending each other
any meaningful data that might lead a third party (an intruder) to generate the same key value.
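The following is an added example, not code from this guide or from Cisco, showing how two routers can arrive at the same DES session key while exchanging only public values. This page does not name the key-agreement algorithm; Diffie-Hellman over the RFC 2409 Group 2 prime is assumed here, and the SHA-256 derivation step and all function names are this example's own choices. The exchange is unauthenticated on its own, so it is only sound once the peers have authenticated each other.

```python
import hashlib
import secrets

# RFC 2409 Oakley Group 2 (1024-bit MODP) prime with generator 2.
# Legacy size, chosen only to keep the example short.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Return (private exponent kept on the router, public value sent to the peer)."""
    x = secrets.randbelow(P - 3) + 2           # 2 <= x <= P-2
    return x, pow(G, x, P)

def check_public(y):
    """Reject degenerate peer values that would force a predictable shared secret."""
    if not 1 < y < P - 1:
        raise ValueError("peer public value out of range")
    return y

def des_session_key(own_private, peer_public):
    """Shared secret -> 8-byte DES key (56 key bits plus odd parity per byte).
    Hashing with SHA-256 is this example's assumed derivation step."""
    shared = pow(check_public(peer_public), own_private, P)
    digest = hashlib.sha256(shared.to_bytes(128, "big")).digest()
    key = bytearray(digest[:8])
    for i, b in enumerate(key):
        b &= 0xFE                               # clear the parity bit
        if bin(b).count("1") % 2 == 0:          # make the total bit count odd
            b |= 1
        key[i] = b
    return bytes(key)

def demo():
    a_priv, a_pub = keypair()                   # router A
    b_priv, b_pub = keypair()                   # router B
    # Only a_pub and b_pub cross the wire; each side derives the key locally.
    return des_session_key(a_priv, b_pub), des_session_key(b_priv, a_pub)

if __name__ == "__main__":
    k_a, k_b = demo()
    print("keys match:", k_a == k_b, "key:", k_a.hex())
```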
Securing Networks
The following are the essential parts of network security:
• Authenticating routers—a secure network must begin with trusted security devices. This means that
  each encryption device in the network must be authenticated to each other network device to which
  it will send encrypted data. This eliminates the intruder-in-the-middle attack.
• Setting encryption policies—including a declaration to networks that are to be encrypted and
  provision for time limits on encrypted sessions.
• Connection setup—provide secure connections that are as immune as possible to the effects of
  attackers listening in.
• Use of secure encryption keys—define the types of encryption to use over a secure network.
Compliance with U.S. Export Laws and Regulations Regarding Encryption
This product performs encryption and is regulated for export by the U.S. Government. Following is
specific information regarding compliance with U.S. export laws and regulations for encryption
products:
• This product is not authorized for use by persons located outside the United States and Canada that
  do not have export license authority from the U.S. Government.
• This product may not be exported outside the U.S. and Canada either by physical or electronic means
  without the prior written approval of the U.S. Government.
• Persons outside the U.S. and Canada may not reexport, resell, or transfer this product by either
  physical or electronic means without prior written approval of the U.S. Government.
What Is the Data Encryption Service Adapter?
The ESA (see ) provides the hardware-based encryption mechanisms required to perform data
encryption in Cisco 7000 family routers in which ESA is installed. The product number is
SA-Encrypt(=), and the ESA uses a 40-bit or 56-bit Data Encryption Standard (DES), which is
configurable via the Cisco IOS crypto engine (also called the software (SW) crypto engine).
The ESA provides data encryption mechanisms using PK technology based on the concept of the
Protected Entity (PE), and employing the Data Encryption Standard (DES) and the Digital Signature
Standard (DSS), to ensure secure data and information can be transferred between similarly equipped
hosts on your network.
The ESA can be installed in the Cisco 7200 series routers; however, only one ESA can be installed in a
Cisco 7200 series router. There are no slot restrictions and any chassis slot can be used; however, you
must observe special requirements. Before installing or removing an ESA from a Cisco 7200 series
router, refer to the section “
” on page 33.